Apache Log4j vulnerability (CVE-2021-44228)
Log4j is an open-source Java logging library widely used in many applications and added in many services as a dependency. This includes enterprise applications, including custom applications developed within an organization.
The below is the aggregated list of DecOps tools and its fixes for log4j vulnerability
Cloud providers report on log4j
| Tools | Fix Links |
|---|---|
| AWS | click here |
| Azure | click here |
| GCP | click here |
| Oracle | click here |
| Redhat | click here |
List of DevOps tools along with its fixes
| Tools | Advisory Links | Threat Level | Updated on |
|---|---|---|---|
| Appdynamics | click here | High | - |
| Bamboo | click here | - | - |
| Chef | click here | Not affected | - |
| Confluence | click here | Low | - |
| Consul | click here | - | - |
| Datadog | click here | Low | - |
| Dynatrace | click here | - | - |
| Elastic Stack | click here | - | - |
| Github | click here | - | - |
| Gitlab | - | - | - |
| GoCD | click here | - | - |
| Grafana | click here | No Impact | - |
| Harness | click here | Low | - |
| Hashicorp vault | click here | NA | - |
| Jenkins | click here | Low | 14-Dec-21 |
| Jfrog | click here | NA | - |
| Jira | click here | Low | - |
| New Relic | click here | - | - |
| Nexus & Nexus IQ | click here | - | - |
| Packer | click here | NA | - |
| Puppet | click here | NA | - |
| Salt | click here | NA | - |
| Splunk | click here | - | - |
| Subversion | - | - | - |
| Terraform | click here | NA | - |
| Tomcat | click here | - | - |
| WebSphere | click here | - | - |
| Wildfly | click here | - | - |
Notes
- Application developed on top of Go-lang are not mostly affected